Okan YILDIZ — CEO

As the Lead Security Engineer, a global leader in aviation technology, I manage a wide range of security responsibilities, from addressing application vulnerabilities and overseeing SAST and DAST, to implementing DevSecOps processes and conducting threat modeling and secure code analysis. With over 9 years of experience in the cybersecurity industry, I bring an impressive combination of technical skills, strategic planning, and team leadership to this role. Prior to joining the current company, I was the Security Team Lead and founding software engineer at Email Security Start-up, where I successfully drove the company from inception to scale, shaping the product development vision and executing the plan in collaboration with technical and business teams. I also run my own enterprise, offering cybersecurity consulting services across diverse sectors, such as finance, healthcare, and education. Additionally, I hold a Software Engineering degree from Manisa Celal Bayar University and multiple professional certifications, including CTIA, CEH, ECIH, CASE.NET, and CCISO. I am passionate about pushing the boundaries of technology and advancing the field of cybersecurity, as evidenced by my various roles and accomplishments. Among my many contributions in cybersecurity, the development of a pioneering DNS tunneling tool stands out. This tool not only spotlighted critical security gaps within DNS infrastructures but also succeeded in bypassing globally recognized security measures, sparking industry-wide discussions and an intensified focus on DNS security measures. Having delivered over 500 hours of intensive training, I've shared my expertise and insights with a plethora of individuals eager to grasp the nuances of cybersecurity. My teaching endeavors have not only enriched others but have also been a testament to my commitment to knowledge-sharing. To foster a sense of community and knowledge-sharing, I founded UniqueSec, a non-profit organization. This initiative has touched the lives of many, reaching over 3,000 participants from more than 50 countries, emphasizing the global impact of my endeavors. Through this platform, I aim to continually educate and alert the tech community on emerging threats and best practices in cybersecurity.

Stackforce AI infers this person is a cybersecurity expert with extensive experience in application and infrastructure security.

Location: Leighton Buzzard, England, United Kingdom

Experience: 12 yrs 1 mo

Skills

Devsecops
Application Security
Leadership
Cloud Computing

Career Highlights

Over 9 years of cybersecurity experience.
Founded UniqueSec, impacting 3,000+ participants globally.
Developed pioneering DNS tunneling tool.

Work Experience

Depop

Staff Security Engineer (4 mos)

Marks and Spencer

Principal Product Security Engineer (9 mos)

SITA

Lead Security Engineer & Architect (1 yr 10 mos)

Cyber Security Start-Up Company

Board Advisor (4 mos)

Lead Security Engineer & Software Developer (1 yr 8 mos)

Senior Security Engineer / Senior Software Developer (4 yrs 9 mos)

UNIQUESEC

Chairman (3 yrs 4 mos)

Secure Debug

Director (5 yrs 3 mos)

MCBÜ Bilişim Topluluğu

Co-Founder (1 yr 6 mos)

Celal Bayar University / Software Club

Founder (3 yrs 4 mos)

Education

Software Engineering at Manisa Celal Bayar University

at Fatih Gelenbevi Anadolu Lisesi

at Keşan Anadolu Lisesi

Okan YILDIZ

CEO

Leighton Buzzard, England, United Kingdom12 yrs 1 mo experience

Highly Stable

Key Highlights

Over 9 years of cybersecurity experience.
Founded UniqueSec, impacting 3,000+ participants globally.
Developed pioneering DNS tunneling tool.

Stackforce AI infers this person is a cybersecurity expert with extensive experience in application and infrastructure security.

Contact

Skills

Core Skills

DevsecopsApplication SecurityLeadershipCloud Computing

Other Skills

ASP.NET MVCAWSAgile MethodologiesArchitecture ReviewsCloud SecurityDASTDevOpsIncident ResponseInformation Security ManagementInformation TechnologyInfrastructure SecurityMalware AnalysisMicrosoft AzurePenetration TestingPython

About

Experience

Depop

Staff Security Engineer

Nov 2025 – Present · 4 mos · London Area, United Kingdom · Hybrid

Depop is the community-powered circular fashion marketplace with over 35 million users, on a mission to make fashion circular. A wholly-owned subsidiary of Etsy since 2021, Depop is headquartered in London with offices in New York and Manchester.As the first technical Security Engineer at Depop, I am responsible for establishing and leading all technical security domains within the Engineering & Data group, collaborating with both the local Information Security team and Etsy's global security organisation.
In my role as Staff Security Engineer at Depop, I took on a variety of responsibilities:
Acting as Security Architect at both Application Security and Infrastructure Security levels, designing and implementing security solutions across the organisation.
Defining and owning the Application Security roadmap and strategy aligned with business objectives
Establishing and leading the Application Security program, performing expert code/design reviews and security testing across engineering and data platforms.
Building and owning the Infrastructure Security function, identifying insecure patterns and establishing infrastructure and network policies.
Pioneering AI/ML Security initiatives, ensuring secure development and deployment of machine learning systems.
Leading Cloud Security efforts across AWS, assessing and addressing risks in cloud infrastructure and implementing AWS security best practices.
Strengthening IAM Security posture and implementing identity management improvements.
Integrating Application Security processes with SIEM for enhanced threat detection and monitoring.
Driving DevSecOps adoption and establishing CI/CD pipeline security standards, integrating SAST, DAST, SCA, Secret Scanning, IaC and Threat Modelling into the SDLC.
Building the vulnerability management program and conducting technical security assessments across the organisation.
Developing a culture of secure engineering and creating scalable security paved paths for engineering teams.

Cloud SecurityDevSecOpsThreat ModelingApplication SecurityInfrastructure Security

Marks and spencer

Principal Product Security Engineer

Feb 2025 – Nov 2025 · 9 mos · London Area, United Kingdom · Hybrid

Marks & Spencer is a major player in the retail sector, focusing on innovation in digital and technology spaces to enhance consumer and business operations. In my role as Principal Security Platform Engineer, I focus on managing and advancing security solutions across various platforms, ensuring comprehensive cyber protection for data, applications, and systems.
In my role as Principal Security Platform Engineer at Marks & Spencer, I took on a variety of responsibilities:
Lead the development and implementation of security initiatives for both cloud and on-premises
environments, utilizing tools like SAST tools and SCA tools, and
applying best practices in Static and Dynamic Application Security Testing (SAST/DAST).
Spearhead the integration of security processes into the Software Development Life Cycle (SDLC),
enhancing DevSecOps practices across development pipelines with a focus on automation and operational efficiency, leveraging tools such as Azure DevOps and GitHub Actions.
Conduct threat modeling and risk assessments to identify and address potential security vulnerabilities
before they impact the business.
Collaborate with external vendors to enhance security tool integration into the application security
workflow, ensuring comprehensive coverage and operational efficiency.
Continuously refine security controls and configurations to advance the organization's DevSecOps posture.
Develop and enforce stringent application security policies and procedures, ensuring alignment with
industry best practices and mitigating potential risks.
Communicate complex security issues effectively to stakeholders, ensuring clear understanding across
departments.
Engage in defining security standards and guardrails, supporting their implementation to optimize security measures within the organization.

SASTDASTDevSecOpsThreat ModelingRisk AssessmentApplication Security

Sita

Lead Security Engineer & Architect

Apr 2023 – Feb 2025 · 1 yr 10 mos · United Kingdom

SITA is a multinational information technology company that provides IT and telecommunication services to the air transport industry. The company serves around 400 members and 2,800 customers worldwide, which represents approximately 90% of the world's airline business.
In my role as Lead Security Engineer and Architect across the Passenger Portfolio, I perform a multitude of roles:
● Implementing threat modelling, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) processes, and managing DevSecOps and Application Security processes across the portfolio.
● Working alongside software teams to address security vulnerabilities, developing and maintaining robust security systems.
● Sharing knowledge on secure software development practices, enhancing the overall security understanding and expertise within the team.
● Responsible for managing all security-related issues across the portfolio, providing solutions and mitigations to ensure the highest level of security.
● Design and implement robust security architectures across all applications and systems, ensuring alignment with industry best practices.
● Lead application security assessments and integrate security life cycle management into development processes.

Threat ModelingSASTDASTDevSecOpsApplication Security

Cyber security start-up company

3 roles

Board Advisor

Dec 2022 – Apr 2023 · 4 mos

DevOps

Lead Security Engineer & Software Developer

Apr 2021 – Dec 2022 · 1 yr 8 mos

Founded in 2016, the company protects businesses throughout the lifecycle of email-based attacks and provides a holistic approach to people, processes, and technology to reduce breaches and data loss. It serves more than 1200 customers including banks, airline companies, governments, and intelligence agencies in 25 countries.
● Leading a team of 20+, supervising the team by providing technical guidance and mentoring; resolving complex issues and applying best practices.
● Implementing threat modelling, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) processes, and managing DevSecOps and Application Security processes..
● Working alongside software teams to address security vulnerabilities, developing and maintaining robust security systems.
● Design and implement robust security architectures across all applications and systems, ensuring alignment with industry best practices.
● Creating a product development vision, working in coordination with the technical and business teams to execute, deliver and improve the products.
● Making a business plan and forwarding it to the technical team, managing end-to-end project plans and ensuring on-time delivery.
● Identifying and validating new feature ideas through experimentation and data, making clear decisions on priority and roadmap, reporting directly to the CEO.

Cloud ComputingDevOpsMicrosoft AzureAWSSoftware DevelopmentDevSecOps

Senior Security Engineer / Senior Software Developer

Jul 2016 – Apr 2021 · 4 yrs 9 mos

● Developing cyber security applications (email security and awareness) for major clients, responsible for R&D, design, development and all software development life cycle processes,
● Identifying vulnerabilities as well as creating and executing solutions, balancing business requirements with information security practices,
● Managing and coaching the software development and security team of 5 according to the business plan and priorities by constantly assessing their performance,
● Collaborating with technical team to support the continuous review and improvement of software development processes in order to maximize the quality of products.● Developing cyber security applications (email security and awareness) for major clients, responsible for R&D, design, development and all software development life cycle processes, ● Identifying vulnerabilities as well as creating and executing solutions, balancing business requirements with information security practices, ● Managing and coaching the software development and security team of 5 according to the business plan and priorities by constantly assessing their performance, ● Collaborating with technical team to support the continuous review and improvement of software development processes in order to maximize the quality of products.
● Implementing threat modelling, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) processes, and managing DevSecOps and Application Security processes..
● Working alongside software teams to address security vulnerabilities, developing and maintaining robust security systems.

ASP.NET MVCMicrosoft AzureAWSPythonAgile MethodologiesDevSecOps+1

Uniquesec

Chairman

Nov 2022 – Present · 3 yrs 4 mos · United Kingdom · Remote

UNIQUESEC is a non-profit organization that brings together professionals in the field of cybersecurity in the world.

Cloud ComputingMicrosoft AzureArchitecture ReviewsLeadership

Secure debug

Director

Nov 2019 – Feb 2025 · 5 yrs 3 mos · United Kingdom · Hybrid

Providing consultancy on cyber security to clients operating in different sectors; key areas of expertise include secure code review, static/dynamic application analysis, IT health check, penetration testing, security assessments, social engineering, and similar services.

Cloud ComputingMicrosoft AzureAWSPenetration TestingDevSecOps